#25501: Ensure WTF-Pad padding comes from the expected hop -------------------------------------------------+------------------------- Reporter: dgoulet | Owner: | mikeperry Type: task | Status: | assigned Priority: Medium | Milestone: Tor: | 0.3.5.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: control-flow, tor-circuit, 035 | Actual Points: -roadmap-master | Parent ID: | Points: Reviewer: | Sponsor: | Sponsor2 -------------------------------------------------+------------------------- Changes (by mikeperry):
* owner: dgoulet => mikeperry Old description: > Roadmap master ticket for this sponsored task. > > See child tickets for specific tasks. New description: When first looking at the WTF-Pad design for integration into Tor, we were concerned that there may be flow control issues with padding causing our SENDME windows to empty prematurely. It turns out that RELAY_DROP does not count towards these windows though, so no updates are needed there. However, we should add an additional check to ensure that RELAY_DROP cells come from the expected hop (middle). This check is easy to do -- just inspect the layer_hint after the cell is recognized and see where it came from. In this way, we can prevent a malicious Exit node or RP from injecting end-to-end side channel cells, while still allowing padding. -- -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25501#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs